TW202001582A - Method of device identification and server with function of device identification

Publication number: TW202001582A
Authority: TW (Taiwan)
Application number: TW107119783A
Other languages: Chinese (zh)
Inventor: 廖憲琛
Original Assignee: 英研智能移動股份有限公司
Prior art keywords: server, external device, information, external, white list
Landscapes: Storage Device Security

Abstract

A method of device identification includes the following steps: enabling a server to execute an application program; while the application program is executing, determining by an event system of the server whether an external device is plugged into a device port of the server; when it is determined that the external device is plugged into the device port of the server, capturing information associated with the external device by a device file system; determining whether the external device is a legitimate device by comparing the content of a black and white list stored in the server with the information associated with the external device; and executing, by the server, a device application program associated with the external device when it is determined that the external device is a legitimate device.

Description

Device identification method and server with device identification function

The invention relates to a device identification method and a server with a device identification function, and in particular to a device identification method that uses a black and white list and a server with a device identification function.

Server equipment on the market is usually used together with other peripheral devices. Common peripheral devices include, for example, USB keyboards, mice, and flash drives. To handle peripheral devices of these types being plugged into or removed from the server, the corresponding operations usually have to be preconfigured in the server and cannot be changed dynamically. In addition, support cannot be extended to unknown peripheral devices.

Furthermore, for peripheral devices of the same type, the server cannot identify the brand/model when the device is connected, nor can it initialize the device or run functional tests on it. Because the server uses a peripheral device directly without inspecting it, an unknown or abnormal device that is plugged in may endanger the security of the server.

The invention provides a device identification method and a server with a device identification function that combine a self-test function for internal devices with a detection function for external peripheral devices. This makes it possible to confirm whether the installed internal and external devices are legitimate devices, improving the operational security of the server.

According to one embodiment of the present invention, a device identification method is disclosed that includes the following steps: starting a server to execute an application program in the server; while the application program is executing, detecting with an event system in the server whether an external device is plugged into a device port of the server; when the event system detects that an external device is plugged into the device port of the server, retrieving information about the external device with a device file system in the server; comparing the information about the external device against a black and white list stored in the server to determine whether the external device is a legitimate device; and, when the external device is determined to be a legitimate device, executing on the server a device application program associated with the external device. In one embodiment, the method further includes executing a self-test procedure after the application program is executed. The procedure inspects multiple hardware devices on the motherboard in the server in the same way as after an external device is plugged in, checking whether the information of those hardware devices matches the preset content of a hardware list so as to selectively enable the hardware devices.

According to one embodiment of the present invention, a server with a device identification function is disclosed that includes a motherboard, a device port, a first storage area, a second storage area, and a third storage area. The first, second, and third storage areas are located on the motherboard, and the device port is electrically connected to the motherboard and allows an external device to be plugged in and removed. The first storage area stores an application program and the device application programs associated with internal/external devices. The second storage area stores a black and white list and a hardware list. The third storage area stores an event system and a device file system. The event system detects, while the application program is executing, whether an external device is plugged into the device port of the server. The device file system retrieves the information of the external device when an external device is detected at the device port of the server. The server compares the information of the external device against the black and white list to determine whether the external device is a legitimate device, and when the external device is determined to be a legitimate device, the server executes the device application program associated with the external device. In one embodiment, after executing the application program, the server further executes a self-test procedure that inspects multiple hardware devices on the motherboard in the same way as after an external device is plugged in: the server looks up the contents of the hardware list in the second storage area using the information of those hardware devices so as to selectively enable them.

In summary, in the device identification method and the server with a device identification function proposed by the present invention, a self-test procedure first confirms whether each internal device is to be enabled. The server then detects external devices, retrieves related information such as the brand/model of the external device, and compares it with the pre-stored black and white list to determine whether the plugged-in peripheral device is a legitimate device, and thus whether to execute the corresponding device application program. The proposed method and server therefore provide detection for both internal devices and external peripheral devices. This makes it possible to confirm whether the installed internal and external devices are legitimate devices, improving the operational security of the server.

The above description of the disclosure and the following description of the embodiments are intended to demonstrate and explain the spirit and principle of the present invention and to provide further explanation of the scope of its patent claims.

The detailed features and advantages of the present invention are described in the embodiments below. The content is sufficient for anyone skilled in the relevant art to understand the technical content of the present invention and implement it accordingly, and from the content disclosed in this specification, the claims, and the drawings, anyone skilled in the relevant art can readily understand the related purposes and advantages of the present invention. The following embodiments explain aspects of the present invention in further detail but do not limit its scope in any respect.

Please refer to FIG. 1, which is a functional block diagram of a server with a device identification function according to an embodiment of the present invention. As shown in FIG. 1, the server 1 includes a motherboard 10, a device port 11, a first storage area 12, a second storage area 13, and a third storage area 14. The first storage area 12, the second storage area 13, and the third storage area 14 are located on the motherboard 10. In one embodiment, in addition to these storage areas, the motherboard 10 also carries multiple hardware devices 101 to 103. The motherboard 10 is, for example, the main circuit board of an ordinary server, and the hardware devices 101 to 103 are, for example, internal hardware components of the server such as a graphics card, a sound card, and a network card; the invention is not limited to these.

The device port 11 is electrically connected to the motherboard 10 and allows the external device 2 to be plugged in and removed. In practice, the device port 11 can be a common USB port into which peripheral devices are plugged. The first storage area 12 stores the application program AP and the device application program DP ("Device Process") associated with internal/external devices. The second storage area 13 stores the black and white list BL and/or the hardware list HL. The third storage area 14 stores the event system ES ("Event System") and the device file system DS ("Device File System"). In one implementation example, the first storage area 12 and the second storage area 13 are partitions of the storage space of a single storage memory (such as a hard disk), while the third storage area 14 is a virtual memory space mapped when a device is connected, serving as the interface for data transfer with the device. In another implementation example, the first storage area 12 and the second storage area 13 are storage spaces belonging to different storage memories (such as cloud storage space). In one embodiment, the black and white list BL and the hardware list HL can be merged into a single system black and white list for the server 1 to query.

In one embodiment, when the server 1 is first started, it executes the application program AP in the first storage area 12 to start a self-test procedure that inspects the hardware devices 101 to 103 on the motherboard 10. Specifically, by executing the self-test procedure, the server 1 confirms whether the hardware devices 101 to 103 installed on the motherboard 10 are the devices that were intended to be installed. In actual operation, if the server 1 confirms that any one of the hardware devices 101 to 103 is an intended device, it enables that device. Conversely, if the server 1 confirms that any one of the hardware devices 101 to 103 is not an intended device, it disables that hardware device. By executing the self-test procedure, the server 1 can determine which hardware devices on the motherboard 10 to enable and which to disable. In one practical example, the self-test procedure includes checking whether the information of the hardware devices 101 to 103 matches the preset content of the hardware list HL so as to selectively enable the hardware devices 101 to 103.

Specifically, in the self-test procedure, the processor of the server 1 first finds the hardware devices 101 to 103 installed on the motherboard 10 through the device file system DS in the third storage area 14 and compares them against the preset content of the hardware list HL in the second storage area 13. The preset content can include the brands and/or models of the hardware devices approved for that server. The server 1 checks each of the hardware devices 101 to 103 in turn. If the brand and/or model of any of the hardware devices 101 to 103 is not among the brands and/or models contained in the hardware list HL, the server 1 identifies that hardware device as illegitimate and disables it. Conversely, if the brand and/or model of any of the hardware devices 101 to 103 is among the brands and/or models contained in the hardware list HL, the server 1 identifies that hardware device as legitimate and executes the device application program for that hardware device to enable it.

In other words, this embodiment scans through the device file system DS to find each hardware device connected to the server, and creates and records the available information about those hardware devices so that their use can be managed. When necessary, these records can also be uploaded to the cloud for extended uses such as warranty. The server 1 can ensure that only certain trusted internal hardware devices are enabled at boot and that unknown hardware devices are disabled, improving the security of server operation.

Please refer to FIG. 1 again. In another embodiment, the event system ES detects, while the application program AP is executing, whether an external device 2 is plugged into the device port 11 of the server 1. The device file system DS retrieves the information of the external device 2 when an external device 2 is detected at the device port 11 of the server 1. Specifically, after the self-test procedure described above has been executed, the legitimate hardware devices on the motherboard 10 inside the server 1 can begin operating to perform the basic functions of the server. Then, with the application program AP resident in the background, the processor in the server 1 reads the event system ES and the device file system DS in the third storage area 14 to carry out plug-in detection for the external device 2 and retrieval of its data. In this embodiment, the external device 2 is a USB flash drive. In other embodiments, the external device 2 can be a computer peripheral such as a keyboard or a mouse.

A practical example illustrates the above. As shown in FIG. 1, while the application program AP is executing, when the external device 2 (such as a USB flash drive) is plugged into the device port 11, the event system ES first detects that the device port 11 has received the external device 2. Based on the event detected by the event system ES, the application program AP retrieves the related information of the external device 2 from the device file system DS; this information can be, for example, the manufacturer brand/model of the external device 2. The server 1 then compares the retrieved information of the external device 2 against the black and white list BL to determine whether the external device 2 is a legitimate device. In one embodiment, the server 1 determines that the external device 2 is a legitimate device when one of the multiple white list items in the black and white list BL matches the information of the external device 2.

In detail, the processor in the server 1 reads the black and white list BL from the second storage area 13. The black and white list BL contains multiple white list items, for example the manufacturer brands/models that can be judged legitimate. When the retrieved manufacturer brand/model of the external device 2 matches one of the white list items, the server 1 treats the external device 2 as a legitimate device. When the server 1 determines that the external device 2 is a legitimate device, it executes the device application program DP associated with the external device 2. In practice, the device application program DP can include initialization, functional testing, troubleshooting, and logging for the external device 2. In other words, with the application program AP resident, when a peripheral external device is attached to the server 1, the server 1 can obtain the related information of the plugged-in external device and use the black and white list BL to confirm whether it is legitimate, as the basis for deciding whether to execute that device's application program. This addresses the risk that arises when a conventional server uses peripheral devices directly without inspection, and improves the security of the server as a whole.

Please refer to FIG. 2, which is a flowchart of a device identification method according to an embodiment of the present invention. The device identification method can be applied to the server 1 of the embodiment of FIG. 1. As shown in FIG. 2, in step S201 the server 1 is started, and in step S202 the processor of the server 1 executes the application program AP in the server 1. In step S203, while the application program AP is executing, the event system ES ("Event System") in the server 1 detects whether an external device 2 is plugged into the device port 11 of the server 1. When the event system ES detects that an external device 2 is plugged into the device port 11 of the server 1, in step S204 the device file system DS ("Device File System") in the server 1 retrieves the information of the external device 2. In step S205, the information of the external device is compared against the black and white list BL stored in the server 1 to determine whether the external device 2 is a legitimate device. When the external device 2 is determined to be a legitimate device, in step S206 the server 1 executes the device application program associated with the external device 2.

In one embodiment, as shown in FIG. 2, after the server 1 is started and the application program AP in the server 1 is executed, a self-test procedure is further executed in step S202a to inspect the multiple hardware devices 101 to 103 on the motherboard 10 in the server 1. In this embodiment, the self-test procedure includes checking whether the information of the hardware devices 101 to 103 matches the preset content of the hardware list HL so as to selectively enable the hardware devices 101 to 103. The preset content of the hardware list HL includes the brands and/or models of the hardware devices approved by the server 1. In other words, only hardware devices whose brand and/or model is contained in the hardware list HL are enabled by the server 1. As a practical example, suppose the hardware device 101 is produced by manufacturer A and the hardware list HL does not include manufacturer A's brand. The server 1 then determines that the hardware device 101 (brand A) is not suitable and disables it. In practice, the server's designer can configure the server to accept hardware devices of certain specific brands or models, which prevents its servers from being combined with hardware devices of unknown brand/model and operating abnormally as a result.

In one embodiment, the step of comparing the information of the external device 2 against the black and white list BL stored in the server 1 to determine whether the external device 2 is a legitimate device includes the following sub-steps I to III. In sub-step I, the multiple white list items contained in the black and white list BL are compared with the information of the external device 2. In sub-step II, when the information of the external device 2 matches one of the white list items, the external device 2 is determined to be a legitimate device. In sub-step III, when the information of the external device 2 matches none of the white list items, the external device 2 is determined to be an illegitimate device. The inspection of the internal hardware devices 101 to 103 and the external device 2 by the server 1 has been described in detail in the preceding paragraphs and is not repeated here.
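The whitelist comparison of sub-steps I to III and the hardware-list self-test of step S202a, as an added example that is not code from the patent. The KEY=VALUE event format, the field names, and the brand/model values are constructed for illustration, and treating a brand-only entry as matching any model is an assumption based on the "brand and/or model" wording.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class ListEntry:
    """One white list / hardware list item: a brand, optionally narrowed to a model."""
    brand: str
    model: Optional[str] = None  # None = any model of this brand (assumption)


def norm(value: Optional[str]) -> str:
    # Identity strings vary in case and padding, so compare a canonical form.
    return " ".join((value or "").split()).casefold()


def parse_event(raw: str) -> Dict[str, str]:
    """Parse a KEY=VALUE plug event (hypothetical format for this example)."""
    fields = {}
    for line in raw.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip().upper()] = value.strip()
    return fields


def is_legitimate(info: Dict[str, str], entries: List[ListEntry]) -> bool:
    """Sub-steps I-III: legitimate only if the info matches at least one item."""
    brand, model = norm(info.get("BRAND")), norm(info.get("MODEL"))
    if not brand:                 # no identity captured: fail closed
        return False
    for entry in entries:         # sub-step I: compare with every item
        if norm(entry.brand) != brand:
            continue
        if entry.model is None or norm(entry.model) == model:
            return True           # sub-step II: one match is enough
    return False                  # sub-step III: no item matched


def handle_plug_event(raw: str, whitelist: List[ListEntry],
                      run_device_app: Callable[[Dict[str, str]], None],
                      log: list) -> str:
    """S203-S206: on a plug-in event, check the list, then run the device app."""
    info = parse_event(raw)
    if info.get("ACTION", "").lower() != "add":
        return "ignored"          # removals and other events are not checked
    verdict = "accepted" if is_legitimate(info, whitelist) else "rejected"
    log.append((verdict, info.get("BRAND"), info.get("MODEL")))
    if verdict == "accepted":
        run_device_app(info)      # the device application runs only after the check
    return verdict


def self_test(onboard: Dict[str, Dict[str, str]],
              hardware_list: List[ListEntry]) -> Dict[str, bool]:
    """S202a: decide per on-board device whether it is enabled (True) or disabled."""
    return {name: is_legitimate(info, hardware_list)
            for name, info in onboard.items()}


# Constructed sample lists and devices.
WHITELIST = [ListEntry("Acme Storage", "FD-100"), ListEntry("Initech")]
HARDWARE_LIST = [ListEntry("Globex", "NIC-10G")]
ONBOARD = {
    "nic": {"BRAND": "Globex", "MODEL": "NIC-10G"},
    "audio": {"BRAND": "Unknown Co", "MODEL": "X"},
}

if __name__ == "__main__":
    audit, started = [], []
    print(self_test(ONBOARD, HARDWARE_LIST))
    for event in ("ACTION=add\nBRAND=ACME  storage\nMODEL=fd-100",
                  "ACTION=add\nBRAND=Acme Storage\nMODEL=FD-200",
                  "ACTION=add\nMODEL=FD-100"):
        print(handle_plug_event(event, WHITELIST, started.append, audit))
    print(audit)
```

The check fails closed: an event with no brand, or a listed brand with an unlisted model, never reaches the device application.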

In summary, in the device identification method and the server with a device identification function proposed by the present invention, with the application program resident in the background, a self-test procedure can confirm which internal devices to enable. The server can also detect the plugging in of a peripheral external device, retrieve related information such as the brand/model of the external device, and compare it with the pre-stored black and white list to determine whether the plugged-in peripheral device is a legitimate device, and thus whether to execute the corresponding device application program. To conclude, the proposed method and server combine a self-test function for internal devices with a detection function for external peripheral devices. This makes it possible to confirm whether the installed internal and external devices are legitimate devices, improving the operational security of the server.

Although the present invention is disclosed above by way of the foregoing embodiments, they are not intended to limit the invention. Changes and refinements made without departing from the spirit and scope of the present invention fall within its scope of patent protection. For the scope of protection defined by the present invention, please refer to the appended claims.

1: Server
10: Motherboard
101~103: Hardware devices
11: Device port
12: First storage area
13: Second storage area
14: Third storage area
2: External device
AP: Application program
DP: Device application program
BL: Black and white list
HL: Hardware list
ES: Event system
DS: Device file system

FIG. 1 is a functional block diagram of a server with a device identification function according to an embodiment of the present invention. FIG. 2 is a flowchart of a device identification method according to an embodiment of the present invention.

Claims (8)

1. A device identification method, comprising: starting a server and executing an application program in the server; while the application program is executing, detecting with an event system in the server whether an external device is plugged into a device port of the server; when the event system detects that the external device is plugged into the device port of the server, retrieving information of the external device with a device file system in the server; comparing the information of the external device against a black and white list stored in the server to determine whether the external device is a legitimate device; and when the external device is determined to be a legitimate device, executing with the server a device application program associated with the external device.

2. The device identification method of claim 1, further comprising, after executing the application program, executing a self-test procedure for inspecting multiple hardware devices on a motherboard in the server, wherein the self-test procedure includes checking whether the information of the hardware devices matches the preset content of a hardware list so as to selectively enable the hardware devices.

3. The device identification method of claim 1, wherein comparing the information of the external device against the black and white list stored in the server to determine whether the external device is a legitimate device comprises: comparing multiple white list items contained in the black and white list with the information of the external device; when the information of the external device matches one of the white list items, determining that the external device is a legitimate device; and when the information of the external device matches none of the white list items, determining that the external device is an illegitimate device.

4. The device identification method of claim 1, wherein the information of the external device is a manufacturer brand or model.

5. A server with a device identification function, comprising: a motherboard; a device port electrically connected to the motherboard, the device port allowing an external device to be plugged in and removed; a first storage area located on the motherboard and storing an application program and a device application program; a second storage area located on the motherboard and storing a black and white list; and a third storage area located on the motherboard and storing an event system and a device file system; wherein the event system detects, while the application program is executing, whether an external device is plugged into the device port of the server, and the device file system retrieves information of the external device when the external device is detected at the device port of the server; and wherein the server compares the information of the external device against the black and white list to determine whether the external device is a legitimate device, and when the external device is determined to be a legitimate device, the server executes the device application program associated with the external device.

6. The server with a device identification function of claim 5, wherein multiple hardware devices are provided on the motherboard, and after executing the application program the server further executes a self-test procedure for inspecting the hardware devices on the motherboard, wherein in the self-test procedure the server looks up the contents of a hardware list in the second storage area using the information of the hardware devices so as to selectively enable the hardware devices.

7. The server with a device identification function of claim 5, wherein the server determines that the external device is a legitimate device when one of multiple white list items in the black and white list matches the information of the external device.

8. The server with a device identification function of claim 5, wherein the information of the external device is a manufacturer brand or model.
TW107119783A 2018-06-08 2018-06-08 Method of device identification and server with function of device identification TW202001582A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW107119783A TW202001582A (en) 2018-06-08 2018-06-08 Method of device identification and server with function of device identification

Publications (1)

Publication Number Publication Date
TW202001582A true TW202001582A (en) 2020-01-01

Family

ID=69941998

Country Status (1)

Country Link
TW (1) TW202001582A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI731821B (en) * 2020-10-28 2021-06-21 財團法人工業技術研究院 Method and system for establishing application whitelisting
